Using a WRT54G (v5) for wardriving?

Sorry if it's a dumb question but I'm curious if a WRT54G v5 router can be used for wardriving?

Reply to
Ken Bessler

"Ken Bessler" hath wroth:

No. It has no client mode. V5 doesn't work with alternative firmware that supports Kismet drone. Sorry.

Reply to
Jeff Liebermann

What firmware revision does do that? I may just sell my V5 on eBay and pick up an earlier model.....maybe...

73's
Reply to
Ken Bessler

"Ken Bessler" hath wroth:

WRT54G v1 thru v4 will work. Same with WRT54GS.

formatting link
are also some other models that use the Broadcom chipset that can run Linux. Note the list of serial numbers so you can identify the hardware version without opening the box:
formatting link
See:
formatting link
for my recommended Linux firmware.

Documentation page:

formatting link
Feature list:

formatting link
There's quite a bit on the web for setting up Kismet drone on a WRT54G. Please note that Kismet Drone is not really intended for war driving. Its major purpose is to build a network of sniffers that can be interrogated from a central location. If you had a number of WRT54G wireless routers running over a "campus" type area, you could monitor all the "drones" at the same time. It will work with one WRT54G, but is rather wasted.

I rather question why you would want to wardrive with a WRT54G. Using Kismet from a laptop running one of the LiveCD distributions is just as good. I suggest Security Auditor from:

formatting link
sure your wireless card is supported:
formatting link
the 600MByte iso image. Burn a CD. Boot it and use Kismet to do your war driving. There are also a wide variety of Linux wireless tools to keep you entertained.
formatting link

Reply to
Jeff Liebermann

Thanks for the great info, Jeff - I just sold my v5 (for a $4 profit) and got a new v4 (for $73). I'm a little surprised why you question my using my router for wardriving, being a fellow Ham and all. Let me explain it, though:

I've invested some money and considerable time building a WiFi system. I have a hi performance laptop internal card with 6dbd gain antennas and now I have a better router on the way. I built a 16 element co linear antenna and mounted it (with good coax) on a 30' pole.

I don't intend on driving around town with my router in client mode - maybe wardriving was a poor choice of terms on my part. I'm simply trying to get some real world numbers on the results of my work. I'll find the various hotspots around here with my laptop, come home and then put the router as a base in client mode to see if it hears them too.

It's all just a fun study project for me..... I mean, all I have to do to get online is enable my ethernet port on the thinkpad and Boom! I'm online. No need for all this wireless stuff but then again there is a park about 1/3rd of a mile from me and I could go sit on a bench, drink a coke, read email and watch the sunset. I guess this has a purpose, after all.....

Ken KG0WX

Reply to
KG0WX

"KG0WX" hath wroth:

Nicely done. V4 is a bit of an oddity. The stock Linksys firmware allegedly has a 3MByte limit to uploading firmware. This means that the standard version of DD-WRT might not fit. The recommended procedure is to upload the small version of DD-WRT, and then upload the standard version. However, there have been reports that you don't have to do this any more. I didn't want to risk turning a friend's WRT54G into a brick, so I did it the 2 step way.

Nice. I'm not a big fan of high gain colinear antennas because of the combiner losses. Past about 12dBi, a dish is cheaper and easier to build.

Yep. My comments are mostly why you would want to drive around with a WRT54G on your vehicle roof, when a much simpler USB radio or antenna will work as well.

You mean like signal strength and coverage area?

Well, ok. That's interesting but not sufficient justification for this exercise.

Well, it's quite easy with a WRT54G running DD-WRT. You find the well hidden site survey page and it will find all the hot spots. Then just hit connect and you're on: Status -> Wireless -> Site Survey. This is what you get:

formatting link
you hit "join", it messes up many of your settings by turning the WRT54G into a client wireless bridge radio.

Or, you can do it from the telnet command line:

   wl ap 0          (turn off access point mode)
   wl scan          (scan for access points)
   wl scanresults   (display results)
   wl ap 1          (turn access point mode back on)

   SSID: "Mariposa's Art"
   Mode: Managed RSSI: -89 dBm noise: -99 dBm Channel: 6
   BSSID: 00:0D:88:BF:5A:97 Capability: ESS WEP ShortPre ShortSlot
   Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 12 24 36 9 18 48 54 ]

   SSID: "CMS"
   Mode: Managed RSSI: -75 dBm noise: -93 dBm Channel: 11
   BSSID: 00:11:50:0C:92:F7 Capability: ESS WEP ShortSlot
   Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]
   WPA:
      multicast cipher: TKIP
      unicast ciphers(1): TKIP
      AKM Suites(1): WPA-PSK
      No WPA Capabilities advertised

I try not to think about it too much. Reality has a way of ruining hobbies and adventures.

Reply to
Jeff Liebermann
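
An added example, not part of the thread: a Python parser for `wl scanresults` records like the two quoted in the post above, returning one dict per access point with SNR (RSSI minus noise) and an inferred security type, useful for comparing survey numbers between antennas. The line layout of the sample and the names `parse_scanresults` and `FIELDS` are assumptions.

```python
import re

# Constructed sample: the two records quoted in the post (line layout assumed).
SAMPLE = '''SSID: "Mariposa's Art"
Mode: Managed RSSI: -89 dBm noise: -99 dBm Channel: 6
BSSID: 00:0D:88:BF:5A:97 Capability: ESS WEP ShortPre ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 6 12 24 36 9 18 48 54 ]

SSID: "CMS"
Mode: Managed RSSI: -75 dBm noise: -93 dBm Channel: 11
BSSID: 00:11:50:0C:92:F7 Capability: ESS WEP ShortSlot
Supported Rates: [ 1(b) 2(b) 5.5(b) 11(b) 18 24 36 54 6 9 12 48 ]
WPA:
multicast cipher: TKIP
unicast ciphers(1): TKIP
AKM Suites(1): WPA-PSK
No WPA Capabilities advertised
'''

FIELDS = {
    "ssid": r'SSID: "(.*)"',
    "rssi": r"RSSI: (-?\d+) dBm",
    "noise": r"noise: (-?\d+) dBm",
    "channel": r"Channel: (\d+)",
    "bssid": r"BSSID: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})",
}

def parse_scanresults(text):
    """Split on lines starting with 'SSID: ' and return one dict per AP."""
    aps = []
    for rec in re.split(r"(?m)^(?=SSID: )", text):
        if not rec.strip():
            continue
        ap = {}
        for key, pat in FIELDS.items():
            m = re.search(pat, rec)
            ap[key] = m.group(1) if m else None  # missing field stays None
        for key in ("rssi", "noise", "channel"):
            if ap[key] is not None:
                ap[key] = int(ap[key])
        ap["snr"] = ap["rssi"] - ap["noise"] if None not in (ap["rssi"], ap["noise"]) else None
        # "WEP" in Capability is read here as the privacy bit; a WPA block refines it.
        cap = re.search(r"Capability: (.*)", rec)
        privacy = bool(cap) and "WEP" in cap.group(1).split()
        akm = re.search(r"AKM Suites\(\d+\): (\S+)", rec)
        ap["security"] = akm.group(1) if akm else ("WEP" if privacy else "open")
        aps.append(ap)
    return aps
```
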

Enlighten me - how does uploading a smaller fw 1st make uploading a larger fw safer? I plan on doing it that way - I'm just curious as to why it needs to be done that way.

Ken

Reply to
Ken Bessler

"Ken Bessler" hath wroth:

The stock Linksys firmware has a 3MByte firmware limit. The mini version of DD-WRT does not have the 3MByte firmware limit.

The safety aspect is that there are reports that one can go directly from the stock Linksys firmware to the standard version of DD-WRT. However, the reports I read in the past didn't bother to mention from what Linksys version, so I can't be sure if the version I have will work.

See the muddle at: |

formatting link

Reply to
Jeff Liebermann

Oh, I get it - the stock fw has a limit of 3m and the DD-WRT is bigger than that so you need to overwrite with the smaller file which has no limit, allowing the 2nd upload of the full version.

Thanks for explaining that.

Ken

Reply to
KG0WX
